Compare commits

..

No commits in common. "alex" and "rawhide" have entirely different histories.

5 changed files with 69 additions and 251 deletions

View file

@ -2,39 +2,69 @@
# Version suffix in URL when building release candidates # Version suffix in URL when building release candidates
%global rcx %{nil} %global rcx %{nil}
%global ghversion 1.66.0
%{?python_enable_dependency_generator} %{?python_enable_dependency_generator}
%if "%{rcx}"
%global rcv ~%{rcx}
%else
%global rcv %{nil}
%endif
Name: matrix-%{srcname} Name: matrix-%{srcname}
Version: %{ghversion}%{rcv} Version: 1.26.0
Release: 1%{?dist} Release: 1%{?dist}
Summary: A Matrix reference homeserver written in Python using Twisted Summary: A Matrix reference homeserver written in Python using Twisted
License: ASL 2.0 License: ASL 2.0
URL: https://github.com/matrix-org/%{srcname} URL: https://github.com/matrix-org/%{srcname}
Source0: %{url}/archive/v%{ghversion}%{rcx}/%{srcname}-%{ghversion}%{rcx}.tar.gz Source0: %{url}/archive/v%{version}%{rcx}/%{srcname}-%{version}%{rcx}.tar.gz
Source1: synapse.sysconfig Source1: synapse.sysconfig
Source2: synapse.service Source2: synapse.service
Source4: synapse@.service
Source3: matrix-synapse.sysusers
BuildArch: noarch BuildArch: noarch
Recommends: %{name}+postgres
Recommends: %{name}+systemd
BuildRequires: python3-devel BuildRequires: python3-devel
BuildRequires: python3-setuptools
# Test dependencies
BuildRequires: python3-mock >= 2.0
BuildRequires: python3-parameterized >= 0.7.0
BuildRequires: /usr/bin/openssl BuildRequires: /usr/bin/openssl
BuildRequires: systemd-rpm-macros
# Workaround missing python-saml2 dependencies in f35 and f36. # Package dependencies
#BuildRequires: python3-txacme >= 0.9.2
BuildRequires: python3-attrs >= 19.1.0
BuildRequires: python3-authlib
BuildRequires: python3-bcrypt >= 3.1.0
BuildRequires: python3-bleach >= 1.4.3
BuildRequires: python3-canonicaljson >= 1.4.0
BuildRequires: python3-daemonize >= 2.3.1
BuildRequires: python3-frozendict >= 1.0
BuildRequires: python3-idna >= 2.5
BuildRequires: python3-jinja2 >= 2.9
BuildRequires: python3-jsonschema >= 2.5.1
BuildRequires: python3-jwt
BuildRequires: python3-lxml >= 3.5.0
BuildRequires: python3-matrix-synapse-ldap3 >= 0.1
BuildRequires: python3-msgpack >= 0.5.2
BuildRequires: python3-netaddr >= 0.7.18
BuildRequires: python3-phonenumbers >= 8.2.0
BuildRequires: python3-pillow >= 4.3.0
BuildRequires: python3-prometheus_client
BuildRequires: python3-pyOpenSSL >= 16.0.0
BuildRequires: python3-pyasn1 >= 0.1.9
BuildRequires: python3-pyasn1-modules >= 0.0.7
BuildRequires: python3-pymacaroons-pynacl >= 0.13.0
BuildRequires: python3-pynacl >= 1.2.1
BuildRequires: python3-pysaml2 >= 4.5.0
BuildRequires: python3-pyyaml >= 3.11
BuildRequires: python3-service-identity >= 18.1.0
BuildRequires: python3-signedjson >= 1.1.0
BuildRequires: python3-sortedcontainers >= 1.4.4
BuildRequires: python3-systemd >= 231
BuildRequires: python3-treq >= 15.1
BuildRequires: python3-twisted >= 18.9.0
BuildRequires: python3-typing-extensions >= 3.7.4
BuildRequires: python3-unpaddedbase64 >= 1.1.0
BuildRequires: systemd
BuildRequires: xmlsec1 BuildRequires: xmlsec1
BuildRequires: xmlsec1-openssl
Requires(pre): shadow-utils
Requires: systemd
%{?systemd_requires}
%description %description
Matrix is an ambitious new ecosystem for open federated Instant Messaging and Matrix is an ambitious new ecosystem for open federated Instant Messaging and
@ -44,207 +74,67 @@ to showcase the concept of Matrix and let folks see the spec in the context of
a coded base and let you run your own homeserver and generally help bootstrap a coded base and let you run your own homeserver and generally help bootstrap
the ecosystem. the ecosystem.
%pyproject_extras_subpkg -n %{name} matrix-synapse-ldap3 postgres saml2 oidc systemd url_preview jwt cache_memory
%prep %prep
%autosetup -p1 -n %{srcname}-%{ghversion}%{rcx} %autosetup -p1 -n %{srcname}-%{version}%{rcx}
#sed -i 's|"cryptography>=3.4.7",|"cryptography>=3.4",|' synapse/python_dependencies.py
#rm tests/storage/test_background_update.py
# We don't support the built-in client so remove all the bundled JS. # We don't support the built-in client so remove all the bundled JS.
rm -rf synapse/static rm -rf synapse/static
%generate_buildrequires
# Missing: sentry,opentracing,redis
%pyproject_buildrequires -x test,matrix-synapse-ldap3,postgres,saml2,oidc,systemd,url_preview,jwt,cache_memory
%build %build
%pyproject_wheel %py3_build
%install %install
%pyproject_install %py3_install
%py3_shebang_fix %{buildroot}%{python3_sitelib}/%{srcname}/_scripts
%pyproject_save_files %{srcname} # Synapse includes some benchmarks in a separate Python package named "synmark"
# which is installed by default. Remove it to avoid shipping it in the Fedora
# package, since it is unlikely to be useful to end users.
rm -r %{buildroot}%{python3_sitelib}/synmark/
install -p -D -T -m 0644 contrib/systemd/log_config.yaml %{buildroot}%{_sysconfdir}/synapse/log_config.yaml install -p -D -T -m 0644 contrib/systemd/log_config.yaml %{buildroot}%{_sysconfdir}/synapse/log_config.yaml
install -p -D -T -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/synapse install -p -D -T -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/synapse
install -p -D -T -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/synapse.service install -p -D -T -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/synapse.service
install -p -D -T -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/synapse@.service
install -p -d -m 755 %{buildroot}/%{_sharedstatedir}/synapse install -p -d -m 755 %{buildroot}/%{_sharedstatedir}/synapse
install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf
%check %check
set -o pipefail PYTHONPATH=. trial-3 tests
PYTHONPATH=%{buildroot}%{python3_sitearch}:%{buildroot}%{python3_sitelib}:$PWD trial-3 tests | tee trial.stdout
# Guard against new types of tests being skipped.
WHITELIST="Requires hiredis
Requires jaeger_client
Requires Postgres
\`BaseFederationServlet\` does not support cancellation yet."
REASONS=$(cat trial.stdout | sed -n '/^\[SKIPPED\]$/{n;p;}')
SKIPPED=$(comm -23 <(echo "$REASONS" | sort | uniq) <(echo "$WHITELIST" | sort | uniq))
if [ ! -z "$SKIPPED" ]; then
echo -e "Failing, because tests were skipped:\n$SKIPPED"
exit 1
fi
%pre %pre
%sysusers_create_compat %{SOURCE3} getent group synapse >/dev/null || groupadd -r synapse
getent passwd synapse >/dev/null || \
useradd -r -g synapse -d %{_sharedstatedir}/synapse -s /sbin/nologin \
-c "The user for the Synapse Matrix server" synapse
exit 0
%post %post
%systemd_post synapse.service %systemd_post synapse.service
%systemd_post synapse@*.service
%preun %preun
%systemd_preun synapse.service %systemd_preun synapse.service
%systemd_preun synapse@*.service
%postun %postun
%systemd_postun_with_restart synapse.service %systemd_postun_with_restart synapse.service
%systemd_postun_with_restart synapse@*.service
%files -f %{pyproject_files}
%files
%license LICENSE %license LICENSE
%doc *.rst %doc *.rst
%config(noreplace) %{_sysconfdir}/sysconfig/synapse %config(noreplace) %{_sysconfdir}/sysconfig/synapse
%{python3_sitelib}/synapse/
%{python3_sitelib}/matrix_synapse*.egg-info/
%{_bindir}/* %{_bindir}/*
%{_unitdir}/synapse.service %{_unitdir}/synapse.service
%{_unitdir}/synapse@.service
%attr(755,synapse,synapse) %dir %{_sharedstatedir}/synapse %attr(755,synapse,synapse) %dir %{_sharedstatedir}/synapse
%attr(755,synapse,synapse) %dir %{_sysconfdir}/synapse %attr(755,synapse,synapse) %dir %{_sysconfdir}/synapse
%attr(644,synapse,synapse) %config(noreplace) %{_sysconfdir}/synapse/* %attr(644,synapse,synapse) %config(noreplace) %{_sysconfdir}/synapse/*
%{_sysusersdir}/%{name}.conf
%changelog %changelog
* Tue Jul 26 2022 Kai A. Hiller <V02460@gmail.com> - 1.63.1-1
- Update to v1.63.1
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.62.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jul 14 2022 Kai A. Hiller <V02460@gmail.com> - 1.62.0-1
- Update to v1.62.0
* Wed Jun 29 2022 Kai A. Hiller <V02460@gmail.com> - 1.61.1-1
- Update to v1.61.1
- Fix CVE-2022-31052
* Tue Jun 14 2022 Kai A. Hiller <V02460@gmail.com> - 1.61.0-1
- Update to v1.61.0
* Thu Jun 09 2022 Kai A. Hiller <V02460@gmail.com> - 1.60.0-1
- Update to v1.60.0
* Thu May 19 2022 Kai A. Hiller <V02460@gmail.com> - 1.59.1-1
- Update to v1.59.1
* Wed May 18 2022 Kai A. Hiller <V02460@gmail.com> - 1.59.0-1
- Update to v1.59.0
* Wed May 04 2022 Kai A. Hiller <V02460@gmail.com> - 1.58.0-1
- Update to v1.58.0
* Thu Apr 21 2022 Dan Callaghan <djc@djc.id.au> - 1.57.0-1
- Update to v1.57.0
* Tue Apr 05 2022 Kai A. Hiller <V02460@gmail.com> - 1.56.0-1
- Update to v1.56.0
* Thu Mar 24 2022 Kai A. Hiller <V02460@gmail.com> - 1.55.0-1
- Update to v1.55.0
* Tue Mar 08 2022 Kai A. Hiller <V02460@gmail.com> - 1.54.0-1
- Update to v1.54.0
* Tue Feb 22 2022 Kai A. Hiller <V02460@gmail.com> - 1.53.0-1
- Update to v1.53.0
* Wed Feb 09 2022 Kai A. Hiller <V02460@gmail.com> - 1.52.0-2
- Backport: Fix losing incoming EDUs if debug logging enabled
* Tue Feb 08 2022 Kai A. Hiller <V02460@gmail.com> - 1.52.0-1
- Update to v1.52.0
- Create synapse user and group declaratively
* Thu Jan 27 2022 Kai A. Hiller <V02460@gmail.com> - 1.51.0-1
- Update to v1.51.0
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.49.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Dec 21 2021 Kai A. Hiller <V02460@gmail.com> - 1.49.2-1
- Update to v1.49.2
* Tue Dec 14 2021 Kai A. Hiller <V02460@gmail.com> - 1.49.0-1
- Update to v1.49.0
* Tue Nov 30 2021 Kai A. Hiller <V02460@gmail.com> - 1.48.0-1
- Update to v1.48.0
* Wed Nov 24 2021 Kai A. Hiller <V02460@gmail.com> - 1.47.1-1
- Update to v1.47.1
- Fix CVE-2021-41281
* Fri Nov 19 2021 Kai A. Hiller <V02460@gmail.com> - 1.47.0-1
- Update to v1.47.0
* Thu Nov 04 2021 Kai A. Hiller <V02460@gmail.com> - 1.46.0-1
- Update to v1.46.0
* Thu Oct 21 2021 Kai A. Hiller <V02460@gmail.com> - 1.45.1-1
- Update to v1.45.1
* Mon Oct 18 2021 Kai A. Hiller <V02460@gmail.com> - 1.44.0-1
- Update to v1.44.0
* Thu Sep 09 2021 Kai A. Hiller <V02460@gmail.com> - 1.42.0-1
- Update to v1.42.0
* Tue Aug 31 2021 Kai A. Hiller <V02460@gmail.com> - 1.41.1-1
- Update to v1.41.1
- Fix CVE-2021-39163, CVE-2021-39164
* Tue Aug 24 2021 Kai A. Hiller <V02460@gmail.com> - 1.41.0-1
- Update to v1.41.0
* Tue Aug 10 2021 Kai A. Hiller <V02460@gmail.com> - 1.40.0-1
- Update to v1.40.0
* Thu Jul 29 2021 Kai A. Hiller <V02460@gmail.com> - 1.39.0-1
- Update to v1.39.0
* Fri Jul 23 2021 Kai A. Hiller <V02460@gmail.com> - 1.38.1-1
- Update to v1.38.1
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.38.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sun Jul 18 2021 Dan Callaghan <djc@djc.id.au> - 1.38.0-2
- fix startup ordering of synapse.service (RHBZ#1910740)
- relax version requirement for python3-cryptography
* Wed Jul 14 2021 Kai A. Hiller <V02460@gmail.com> - 1.38.0-1
- Update to v1.38.0
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1.26.0-3
- Rebuilt for Python 3.10
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.26.0-2
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Thu Jan 28 2021 Kai A. Hiller <V02460@gmail.com> - 1.26.0-1 * Thu Jan 28 2021 Kai A. Hiller <V02460@gmail.com> - 1.26.0-1
- Update to v1.26.0 - Update to v1.26.0

View file

@ -1,2 +0,0 @@
#Type Name ID GECOS Home directory Shell
u synapse - "Runs the Synapse Matrix homeserver" /run/synapse /sbin/nologin

1
sources Normal file
View file

@ -0,0 +1 @@
SHA512 (synapse-1.26.0.tar.gz) = 82ca85aa4dc1e3220f89e7f6815786135fa9bd0b33a1055f63b309b1fa193eeb993f832db573586945191e7195e42926c5342776b249dbc8e83daf4c196f00a4

View file

@ -1,6 +1,5 @@
[Unit] [Unit]
Description=Synapse Matrix homeserver Description=Synapse Matrix homeserver
After=network-online.target postgresql.service
[Service] [Service]
Type=notify Type=notify
@ -8,7 +7,7 @@ NotifyAccess=main
User=synapse User=synapse
Group=synapse Group=synapse
WorkingDirectory=/var/lib/synapse WorkingDirectory=/var/lib/synapse
ExecStart=/usr/bin/synapse_homeserver --config-path=/etc/synapse/homeserver.yaml ExecStart=/usr/bin/python3 -m synapse.app.homeserver --config-path=/etc/synapse/homeserver.yaml
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID
# EnvironmentFile=-/etc/sysconfig/synapse # Can be used to e.g. set SYNAPSE_CACHE_FACTOR # EnvironmentFile=-/etc/sysconfig/synapse # Can be used to e.g. set SYNAPSE_CACHE_FACTOR
SyslogIdentifier=synapse SyslogIdentifier=synapse

View file

@ -1,70 +0,0 @@
[Unit]
Description=Synapse Worker %i
AssertPathExists=/etc/synapse/workers/%i.yaml
# This service should be restarted when the synapse target is restarted.
#PartOf=synapse.target
#ReloadPropagatedFrom=synapse.target
# if this is started at the same time as the main, let the main process start
# first, to initialise the database schema.
After=synapse.service
[Service]
Type=notify
NotifyAccess=main
User=synapse
WorkingDirectory=/var/lib/synapse
ExecStart=/usr/bin/synapse_worker --config-path=/etc/synapse/homeserver.yaml --config-path=/etc/synapse/workers/%i.yaml
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=3
SyslogIdentifier=synapse-%i
Environment="LD_PRELOAD=/usr/lib64/libjemalloc.so.2"
CPUAccounting=on
MemoryAccounting=on
MemoryHigh=500M
MemoryMax=1G
MemorySwapMax=1G
CPUWeight=75
PrivateTmp=yes
PrivateDevices=true
PrivateUsers=true
CapabilityBoundingSet=
AmbientCapabilities=
DevicePolicy=closed
ProtectSystem=strict
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectClock=true
ProtectKernelLogs=yes
ProtectHostname=true
ProtectProc=invisible
ProcSubset=pid
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
NoNewPrivileges=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources @obsolete
RemoveIPC=true
[Install]
WantedBy=multi-user.target